Android is now installed on 2.3 billion devices around the world and boasts a massive 2.6 million apps on the Play Store. While representing an incredible achievement, the numbers also show the Herculean task that Google is faced with when trying to ensure its app store is safe for Android users.
With that many apps, a few bad ones are bound to get through, and a recent study by the University of Sydney and CSIRO's Data61 found 2,040 such apps that either contained malware outright or asked for far too many sensitive permissions.
A large number of the apps found in the study were fraudulent copies of the most popular apps and games like Temple Run, Hill Climb Racing and others. The study used neural networks to examine a million apps' logos and descriptions and compared them to the most popular apps. This flagged 49,608 fraudulent apps.
The apps were then run through VirusTotal's malware checks, which identified as many as 7,426 apps which seemed to have malicious code. The study then proceeded with a relatively more 'relaxed' threshold and ended up with the aforementioned 2,040 apps which it classified as high risk.
Since the publication of the study, around 35% of the apps identified in it have been removed, though it is, of course, concerning that the remaining 65% can still be downloaded. Dr Suranga Seneviratne, one of the co-authors of the study, said, "While Google Play’s success is marked on its flexibility and customisable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes."
Some of the apps identified by the study also took advantage of excessive user permissions, with 1,565 asking for potentially dangerous permissions. An addition 1,407 had at least five embedded third-party ad libraries.
Source: Computer World